Network event based security and home automation

ABSTRACT

Methods and systems of a wireless access point (WAP) configured to support wireless communications on a wireless local area network (WLAN). In an example system, a WAP with a non-volatile memory storing network event rules that indicate conditional parameters for an action for a targeted device, includes an event detection circuit to gather and analyze wireless communications activity, and a rule initiation circuit to initiate an action for a target device indicated by a network event rule. In an example, the rule initiation circuit is to initiate an action for a target device indicated by a network event rule, where the conditional parameters are satisfied at least in part by the gathered wireless communications activity from the one or more wireless stations.

CROSS REFERENCE TO RELATED APPLICATION

This application claims the benefit of prior filed ProvisionalApplication No. 62/305,132 filed on Mar. 8, 2016 entitled “Network EventBased Security and Home Automation” and co-pending Non-Provisionalapplication Ser. No. 15/436,852 filed on Feb. 19, 2017 entitled “NetworkEvent Based Security and Home Automation” which are incorporated hereinby reference in its entirety as if fully set forth herein.

BACKGROUND OF THE INVENTION 1. Field of Invention

The field of the present invention relates in general to wireless localarea networks including wireless access points (WAP) and security andhome automation methods therefore.

2. Description of the Related Art

Home and office networks, a.k.a. wireless local area networks (WLAN) areestablished using a device called a Wireless Access Point (WAP). The WAPmay include a router. The WAP wirelessly couples all the devices of thehome network, e.g. wireless stations such as: computers, printers,televisions, digital video (DVD) players, security cameras and smokedetectors to one another and to the Cable or Subscriber Line throughwhich Internet, video, and television is delivered to the home. MostWAPs implement the IEEE 802.11 standard which is a contention basedstandard for handling communications among multiple competing devicesfor a shared wireless communication medium on a selected one of aplurality of communication channels. The frequency range of eachcommunication channel is specified in the corresponding one of the IEEE802.11 protocols being implemented, e.g. “a”, “b”, “g”, “n”, “ac”, “ad”.Communications follow a hub and spoke model with a WAP at the hub andthe spokes corresponding to the wireless links to each ‘client’ device.

After selection of a single communication channel for the associatedhome network, access to the shared communication channel relies on amultiple access methodology identified as Carrier Sense Multiple Access(CSMA). CSMA is a distributed random access methodology for sharing asingle communication medium, by having a contending communication linkback off and retry access when a prospective collision on the wirelessmedium is detected, i.e. if the wireless medium is in use.

Communications on the single communication medium are identified as“simplex” meaning, one communication stream from a single source node toone or more target nodes at one time, with all remaining nodes capableof “listening” to the subject transmission. Starting with the IEEE802.11ac standard and specifically ‘Wave 2’ thereof, discretecommunications to more than one target node at the same time may takeplace using what is called Multi-User (MU) multiple-inputmultiple-output (MIMO) capability of the WAP. MU capabilities were addedto the standard to enable the WAP to communicate with multiple singleantenna single stream devices concurrently, thereby increasing the timeavailable for discrete MIMO video links to wireless HDTVs, computerstablets and other high throughput wireless devices the communicationcapabilities of which rival those of the WAP. The IEEE 802.11ax standardintegrates orthogonal frequency division multiple access (OFDMA) intothe WAP or stations capabilities. OFDMA allows a WAP to communicateconcurrently on a downlink with multiple stations, on discrete frequencyranges, identified as resource units.

Despite the increasing reliance on WAPs to service home and businesscommunication requirements there has been little change in the functionsprovided by the WAP. What is needed are improved methods for operatingwireless local area networks in homes and businesses.

SUMMARY OF THE INVENTION

The present invention provides a method and apparatus for a wirelessaccess point (WAP), individually or collectively with a remote server toprovide network event based security and home automation.

In an embodiment of the invention a wireless access point (WAP) isconfigured to support wireless communications with wireless stations onat least one selected wireless communication channel on a wireless localarea network (WLAN) within a structure. The WAP includes a plurality oftransmit and receive components, a non-volatile memory, an eventdetection circuit and a rule initiation circuit. The plurality ofcomponents couple to one another to form transmit and receive paths forprocessing wireless communications on the at least one selected wirelesscommunication channel. The non-volatile memory stores network eventrules, each of which tags a station to monitor and actions to initiatefor a targeted device if the tagged station undergoes a network event.The event detection circuit monitors each wireless station for atransition in communication status corresponding to a network event, andidentifies the wireless station and the network event. The ruleinitiation circuit determines whether the identified station and networkevent corresponds with one of the network event rules for the identifiedstation in the non-volatile memory, and in the event of a match,initiates the action prescribed for the corresponding targeted device.

The invention may be implemented in hardware, firmware, circuits orsoftware.

Associated methods are also claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features and advantages of the present invention willbecome more apparent to those skilled in the art from the followingdetailed description in conjunction with the appended drawings in which:

FIG. 1 is a system view of a wireless local area network event basedsecurity and home automation system in accordance with an embodiment ofthe invention;

FIGS. 2A-C are respectively a system view, a graphical user interface,and a data structure diagram, of a wireless local area network (WLAN)event based security and home automation system in accordance with anembodiment of the invention;

FIGS. 3A-D are hardware block diagrams of embodiments of respectivelythe WAP and detailed hardware block diagrams of the station transition,condition test and action initiation circuits of the network eventcircuit which are part of the WAP;

FIGS. 4A-C are hardware block diagrams of various devices configured toexecute network event rule execution in a WLAN in accordance with anembodiment of the current invention; and

FIG. 5 is a process flow diagram of processes associated with networkevent based security and home automation in accordance with anembodiment of the current invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

FIG. 1 is a system view of a wireless local area network event basedsecurity and home automation system in accordance with an embodiment ofthe invention. A home 100 is shown in plan view. The residence 100includes numerous wireless devices, a.k.a. stations or clients, whichassociate with a wireless access point (WAP) 102 to form a wirelesslocal area network, the radio frequency coverage of which 102A extendsaround the perimeter of the home. Some of the wireless devices belong toindividual members of the household such as mobile phones, notebookcomputers and tablets. These include: the personal mobile phone 120B andnotebook computer 120C which belong to Dad 120A; the mobile phone 122Band notebook 122C which belong to Mom 122A; the mobile phone 124B andnotebook 124C which belong to Sister 124A; the mobile phone 126B andnotebook 126C which belong to Brother 126A; the mobile phone 128B whichbelongs to the kid's babysitter/nanny 128A. Some of the wireless devicesare integrated into the home for the benefit of the whole family suchas: a WiFi activated lock 150, a WiFi activated light switch 152, a WiFiactivated camera 154, and a WiFi activated thermostat 156. These latterintegrated wireless devices are in an embodiment of the inventioncoupled wirelessly/wired to and activated by the WAP when correspondingnetwork event rules shown in table 140 call for that activation. Eachnetwork event rule tags a wireless station to monitor for specificnetwork event, and an action to initiate on a targeted device when thatspecific network event is detected.

The network event rules shown in table 140 may be entered into the WAPby the home or business owner, or may be programmatically entered by theWAP itself based on behavioral patterns of the occupants detected by theWAP, e.g. Mom arrives home as detected by the association of her mobilephone 122B with the WAP and turns up the thermostat 156. The WAP caneven be programmed with network event rules for wireless devicesbelonging to people who are not members of the household and whosewireless devices are not tagged. A network event rule can be tagged to“wildcard” or untagged devices such as mobile phone 130B belonging to3^(rd) parties such as robbers, repairman, or guests 130A.

Typically a tagged/untagged wireless device triggers a network eventwhen the WAP determines that its: a) association status with respect tothe WAP has changed, from associated to unassociated and vice-versa; b)received signal strength indication (RSSI) has increased or decreasedabove a threshold amount; c) proximity toward or away from the WAP haschanged;

and d) location around and within the home has changed. In the exampleshown in the plan view of home 100 Mom arrives home with her mobilephone 122B. As she approaches the door to the home at location 104A, herphone initiates a connection with the WAP by sending a probe packet 106.The WAP receives this packet over link 108A, and initiates theauthentication and association process which is part of the IEEE 802.11standard. By the time Mom enters the kitchen her mobile phone 122B atlocation 104B has associated over link 108B with the WAP 102. The WAPdetects any one or all of these changes in: proximity, location, RSSIand Association status of Mom's phone, as a network event and proceedsto determine if the event corresponds with one or more of the networkevent rules in table 140.

In table 140 each row corresponds to a network event rule for a taggeddevice and each column corresponds to a field of each rule. The 1^(st)column identifies the tagged device by medium access control (MAC)address, or by an icon, or other unique identifier. Tagging may alsoinclude friendly labels for the tagged device, such as “Mom's Phone” or“Dad's notebook”. A “wildcard” tag is available which lets anyunidentified phone or other mobile wireless device be tagged so thatwhen the WAP detects its presence in or around the home a network eventmay be triggered.

The 2^(nd) column identifies the network event for the tagged phone thatwill act as a trigger initiating the action(s) delineated for the rule.Network events include changes for the tagged device: in associationstatus, or changes above a threshold amount in any one or all of: RSSI,proximity or location. Network events may also include friendly labelsfor the event, such as “Arrive Home” or “Leave Home” or “Near Home” or“Outside home” or “Not home”.

The 3^(rd) column lists conditions precedent, if any, to initiating theaction(s) prescribed by the network event rule. The 4th column lists atargeted device on which to initiate the action shown in the 5th column.The 6th column lists a targeted device on which to initiate the actionshown in the 7th column. The 8th column lists a targeted device on whichto initiate the action shown in the 9th column.

Each network event rule tags a station to monitor for a network eventand actions to execute on one or more targeted devices if the taggedstation undergoes a network event. In an embodiment of the invention, a‘wild card’ tag may be applied to a rule, thereby making the ruleapplicable to any new or unidentified stations that are within range ofthe WAP. In another embodiment of the invention each network event rulemay include one or more conditions the fulfillment of which is requiredbefore initiating the corresponding action. Examples of such conditionsinclude: station association or connection status, station location orproximity relative to the WAP. Additional conditions may include: timeof day, e.g. day or night, or day of week, e.g. weekdays or weekends.

After the homeowner has tagged each family member's wireless device(s)with network event rules, on a WAP administrative GUI such as that shownin FIG. 2C the following example home security and automation scenariosare practicable using the native capabilities of the WAP, or a WAPoperating cooperatively with a remote computer device on a Telco service‘Cloud’.

Network event rule 142A: tags Mom's cell phone as the device to monitorand the triggering network event as her arrival at home. The ruleincludes a condition, e.g. that Mom be near to the front door, beforeany of the action(s) on one or more targeted devices are initiated. Whenthe probing by Mom's phone as it approaches the door at position 104A isdetected by the WAP that network event triggers the testing of thecondition(s) if any, and if met the actions of: notifying Dad's mobilephone and Notebook that Mom is home; initiating the opening of the frontdoor and turning the lights on. The triggering may be based exclusivelyon change in association status of Mom's phone fromunassociated-to-associated as detected by the WAP, or less crudely bythe WAP's determination based on either RSSI, or Multiple-inputMultiple-output beamforming direction of link 108A the door at which Momis entering the house.

Network event rule 142B: tags Mom's cell phone as the device to monitorand the triggering network event as her departure from the home. Therule includes a condition, e.g. that no one else is home, before any ofthe action(s) on one or more targeted devices are initiated. Theprescribed condition would be tested by determining whether any stationsbelonging to other household members or business employees are currentlyassociated with the WAP, and if not then initiating the designatedaction(s) on the targeted device(s), e.g. turning off the light switchor lowering the temperature of the structure. When Mom's phonedisassociates from the WAP as she leaves the door, the WAP's detectionof this network event triggers the testing of the condition(s), and ifmet, the actions of: notifying Dad's mobile phone and Notebook that Momhas left home; initiating the locking of the front door and turning thelights off. The triggering may be based exclusively on change inassociation status of Mom's phone from unassociated-to-associated asdetected by the WAP.

Network event rule 142C: tags the babysitter's, a.k.a. Nanny's, mobilephone 1288 as the device to monitor and the triggering network event asher departure from the home. The rule includes a condition, e.g. thateither or both the kids are home alone, i.e. without their parents,before any of the action(s) on one or more targeted devices areinitiated. The prescribed chained condition would be tested by the WAP'sdetermining from its node table, whether any stations belonging to thekids are currently associated with the WAP, and if so, determiningwhether any stations belonging to either parent is currently associatedwith the WAP. When the determination is made that no parent is at homewith the kid(s) then the designated action(s) are initiated on thetargeted device(s) in this case Dad's and Mom's phones to which the WAPsends a notification.

Network event rule 142D: tags the Mom's mobile phone 122B as the deviceto monitor and the triggering network event as her arrival at home. Therule includes a condition, e.g. that it is Mom who is trying to open thegarage door with a remote, before any of the action(s) on one or moretargeted devices are initiated. When Mom's phone as it approaches thedoor is detected by the WAP that network event triggers the WAP to allowher remote activation of the door opener to continue allowing the garagedoor to open. This rule provides an extra level of security to theoperation of the garage door opener by requiring WAP validation that theparty pressing the remote is a member of the household as evidenced bytheir possession of a tagged device, i.e. phone 1228, and further by thecurrent association of that device with the WAP.

Network event rule 142E: tags the Mom's mobile phone 122B and notebookcomputer 122C as the devices to monitor and the triggering network eventas her absence from the home. The rule includes a condition, e.g. thatMom is not home after an expected time, e.g. 7 pm. At 7 pm the WAPchecks its node table to determine if either of Mom's devices iscurrently associated with the WAP. If the condition is met, i.e. thatMom is not home after 7 pm as evidenced by the absence of either of herpersonal devices in the node table, then the prescribed action isinitiated, e.g. notifying Dad of her absence.

Network event rule 142F: tags the sisters mobile phone 124B and notebookcomputer 124C as the devices to monitor and the triggering network eventas her leaving the home. The rule includes a condition, e.g. that whenshe leaves home it needs to be with an adult, e.g. one of her parents orthe babysitter. The triggering network event is her departure from thehome, as detected by the WAP, in the form of decreased RSSI followed bydisassociation. At that point the WAP determines, on the basis of itsrolling association history in its successively saved node tablesnapshots, whether the sister's departure coincided in time with thedisassociation of one of the parents of babysitters mobile or computerdevices. If it did, then the presumption is that Sis left home with thatadult. If none of the adult's devices concurrently disassociated fromthe WLAN then the Network event's condition is met, and the prescribedactions are initiated. This includes initiating the transmission ofalerts to Dad's two target devices, i.e. phone and notebook computer,that Sis has left the house unaccompanied by an adult.

Network event rule 142G: tags the Nanny's mobile phone 128B as a deviceto monitor and the triggering network event as her presence in the home,as evidenced in the association/node table maintained by the WAP. Therule includes a condition, e.g. that Nanny is at home alone with noother family member, adult or child, in the home with her. After thetriggering event, the WAP periodically checks its association table,a.k.a. its node table, to determine if any of the family's wirelessdevices are currently associated with the WAP. If the condition is met,i.e. that Nanny is at home alone, as evidenced by her cell phone'scurrent association with the WAP and by the absence of any of the otherfamily member's wireless devices in the association table, then theprescribed action is initiated, e.g. notifying Dad of her presence.

Network event rule 142H: uses the ‘wildcard’ tag applicable to all newwireless devices or untagged wireless devices that have never beentagged by the homeowner as devices to be monitored, whether or notassociated with the WLAN. Some of these devices are discovered by theWAP as a result of their probe requests. The identity of others of thesedevices is discovered by the WAP during channel scanning and deep packetinspection of any intercepted communications to or from these devices.The triggering network event is the WAP's discovery of these deviceswithin its range, i.e. proximate to the home. The WAP then checks thecondition(s) delineated in the rule, i.e. that the time of discoveryfalls in the interval between 11 pm and 7 am. If the condition is met,then the prescribed actions are initiated by the WAP. An intruder alertis sent to the target device(s), e.g. Dad's mobile phone and notebookcomputer, and the outdoor lights on the residence are turned on, via anAPI command from the WAP to the switch for the outdoor lights.

Network event rule 142I: also uses the ‘wildcard’ tag applicable to allnew wireless devices or untagged wireless devices that have never beentagged by the homeowner as devices to be monitored, whether or notassociated with the WLAN. Some of these devices are discovered by theWAP as a result of their probe requests. The identity of others of thesedevices is discovered by the WAP during channel scanning and deep packetinspection of any intercepted communications to or from these devices.The triggering network event is the WAP's discovery of these devices.The WAP then checks the condition(s) delineated in the rule, i.e. thatthe untagged device is within the home and that no other family memberis also in the home. This latter determination is made by the WAP on thebasis of its node table listing currently associated family devices. Ifthe condition is met, i.e. that no family devices are currently in thehome, then the prescribed actions are initiated by the WAP. An intruderalert is sent to the target device(s), e.g. Dad's mobile phone andnotebook computer, and the lights in the residence are turned on, via anAPI command from the WAP to the switch for the lights and any securitycamera or video camera in the home is turned on.

The same security and automation features discussed above are availableto a business. Tagged devices can include stationary WiFi enabledequipment such as printers or scanners or copiers, with the applicablenetwork event rule, used to monitor these assets and notify the owner ifthey are lost, stolen, inactive or failed as evidenced by theirdisassociation from the corresponding WLAN.

FIGS. 2A-C are respectively a system view, a graphical user interface,and a data structure diagram, of a wireless local area network (WLAN)event based security and home automation system in accordance with anembodiment of the invention.

FIG. 2A is a system view of a wireless local area network (WLAN) eventbased security and home automation system in accordance with anembodiment of the invention in which the WAP includes a connection to aremote network event computer server device 212 provided by a Telco orInternet Service Provider's (ISP) cloud 210. In this embodiment of theinvention the WAP and the ISP's remote computer device 212 operatetogether to provide the aforesaid WiFi network event based security andhome or business automation. A plan view of home 100 is shown with theWAP 102 and a desktop computer 200. The WAP is coupled to the remotecomputer device 212. The desktop computer 200 is wire/wirelessly coupledto the WAP. A graphical user interface (GUI) 220 is shown for enteringthe network event rules. The GUI may be provided directly by the WAP, orfrom the remote computer device 212.

FIG. 2B is the data structure diagram of the network event rule table140 shown in FIG. 1.

FIG. 2C is a detailed view of the network event entry form GUI 220 fromwhich the home or business owner can enter the network events rules intothe network event rule table 140. This GUI can be provided by WAP 102 orthe remote network event computer device 212 in alternative embodimentsof the invention. The network event entry form in the embodiment of theinvention shown in FIG. 2C is shown as an HTML web page provided in theuser's browser over the local network. It could alternately be providedas a dedicated application, or as a webpage from the Telco/ISP's networkevent rule setup site.

The form is accessed in this embodiment of the invention as a web page220 accessible via entry into the browser's address/URL entry field 222of the URL for the WAP on either the local area network, or via theInternet from the Telco's network event remote computer device 212.

The form includes sliding windows 240-242 in which the wireless devicesassociated with the WAP are shown. In the embodiment of the inventionshown these associated devices are split into two groups. Sliding windowshows user stations 240 and sliding window 242 shows the remainingassociated stations, a.k.a. WAP stations. The stations identified as WAPstations are those not affiliated with any particular user, ratherdevices providing security and automation to the home for example suchas: remotely controllable locks, light switches and surveillance devicessuch as cameras. All these devices have been at one time or anotherassociated with the WAP, and the WAP and or the remote computer device212 retains their identities and relevant access URL's. Sliding window250 shows stations that have been in range of the WAP but which have notassociated with the WAP. These stations could be the WiFi enabled mobilephones of: delivery or repair people; neighbors, guests or visitors; andintruders or robbers. The WAP or the remote computer device retainsidentity and capability information for these devices. The WAPconstantly updates both the Associated and unassociated station lists240-242 and 250.

The form also includes: a tagged device field 224, network event fields226 and action fields 228. The network event fields 226 include: adropdown list trigger field to select the triggering event, e.g. leavingor entering the home or business; and a condition field for enteringapplicable conditions if any. The action fields include a target devicefield 230 and a dropdown list action field for selecting the appropriateaction to initiate on the targeted device, e.g. notification, alert,turn on or off, start or stop.

The workflow for entering network event rule 142A discussed above inconnection with FIG. 1 proceeds as follows in an embodiment of theinvention. If Dad is the administrator of the network event rule table,then he drags and drops the icon corresponding with Mom mobile phonefrom associated device window 240 into tagged device window 224. Then heselects “Arrive Home” as the triggering network event from the dropdownlist trigger field in the network event 226 portion of the form.Optionally he can enter “Proximity to the front door” as a condition inthe eponymous field of the network event portion 226 of the form. Next,Dad drags the icon corresponding to his mobile phone from the associateduser station window 240 into the target device field 230 of the actionfield portion 228 of the form. Next, he selects the desired action, e.g.initiate transmission of notification to the targeted device, from thedropdown list action field. Finally, he presses the “enter/submit”button at which point he is provided the opportunity to enter anyfurther target device-n-action pairs into the rule. He then drags anddrops the remote control lock icon from the associated WAP stationwindow 242 into the target device window 230 and selects the action ofopening the lock from the dropdown list action field. He again clicks“enter” and is again asked if he has further target device action pairsfor this rule. He then drags and drops the remote control light switchicon from the associated WAP station window 242 into the target devicewindow 230 and selects the action of turning on the light from thedropdown list action field. He again clicks “enter” and completes theentry of the network event rule 142A which is entered into the networkevent rule table 140 maintained by either or both the WAP 102 and theremote computer device 212 maintained by the Telco or ISP.

FIGS. 3A-D are hardware block diagrams of embodiments of respectivelythe WAP and detailed hardware block diagrams of the station transition,condition test and action initiation circuits of the network eventcircuit which are part of the WAP. The WAP may have one or more antenna.The WAP 102 is shown with a MIMO pair of antenna 359A-B for supporting awireless local area network (WLAN) which provides associated stations,access to the Internet 302. In an embodiment of the invention the WAPprovides the network event based security and home automation on itsown. In an embodiment of the invention the WAP is also communicativelycoupled, via the shared broadband connection, to the remote cloud 210and specifically to the remote server 212 provided by the ISP or Telcowhich handles portions of the network event based security and homeautomation functions.

The WAP in this embodiment of the invention is identified as a 2×2multiple-input multiple-output (MIMO) WAP supporting as many as 2discrete communication streams over two antennas 359A-B. The WAP couplesto the Internet 302 via an integral Ethernet medium access control(EMAC) interface 319 over a cable, fiber, or digital subscriber line(DSL) backbone connection. A packet bus 318 couples the EMAC to the MIMOWiFi baseband 326, and the analog front end (AFE) and Radio Frequency(RF) stages 328.

In the baseband portion 326 wireless communications transmitted to orreceived from each user/client/station are processed. The basebandportion is dynamically configurable to support SU-MIMO or MU-MIMOtransmission to MU groups of two or more users/stations. The AFE and RFportion 328 handle the upconversion on each of transmit paths andwireless transmission initiated in the baseband. The RF portion alsohandles the downconversion of the signals received on the receive pathsand passes them for further processing to the baseband.

Transmission:

The transmit path/chain includes the following discrete and sharedcomponents. The WiFi medium access control (WMAC) component 330includes: hardware queues 332 for each downlink and uplink communicationstream; encryption and decryption circuits 334 for encrypting anddecrypting the downlink and uplink communication streams; medium accesscircuit 336 for making the clear channel assessment (CCA), and makingexponential random backoff and re-transmission decisions; and a packetprocessor circuit 338 for packet processing of the communicationstreams. The WMAC component has read access to a node table 339 whichlists each node/station on the WLAN, the station's capabilities, thecorresponding encryption key, and the priority associated with itscommunication traffic.

Each sounding or data packet for wireless transmission on the transmitpath components to one or more stations is framed in the framer 340.Next each stream is encoded and scrambled in the encoder and scrambler342 followed by interleaving and mapping in a corresponding one of theinterleaver mappers 344A-B. Next all transmissions are spatially mappedwith a spatial mapping matrix (SMM) 346 in the spatial mapper 348. Thespatially mapped streams from the spatial mapper are input to inversediscrete Fourier Transform (IDFT) components 350A-B for conversion fromthe frequency to the time domain and subsequent transmission in the AFTand RF stage.

Each IDFT is coupled to a corresponding one of the transmit path/chaincomponents in the AFT RF stage 328 for wireless transmission on anassociated one of MIMO antenna 359A-B. Specifically each IDFT couples toan associated one of the digital-to-analog converters (DAC) 352A-B forconverting the digital transmission to analog, upconverters 354A-B,coupled to a common voltage controlled oscillator (VCO) 366 forupconverting the transmission to the appropriate center frequency of theselected channel(s), filters 356A-B e.g. bandpass filters forcontrolling the bandwidth of the transmission, and power amplifiers358A-B for setting the transmit power level of the transmission on theMIMO antenna 359A-B.

Reception:

The receive path/chain includes the following discrete and sharedcomponents. Received communications on the WAP's array of MIMO antennaare subject to RF processing including downconversion in the AFE-RFstage 328. There are two receive paths each including the followingdiscrete and shared components: low noise amplifiers (LNA) 360A-B foramplifying the received signal under control of an analog gain control(AGC) for setting the amount by which the received signal is amplified,filters 364A-B for bandpass filtering the received signals,downconverters 368A-B coupled to the VCO 366 for downconverting thereceived signals, analog-to-digital converters (ADC) 370A-B fordigitizing the downconverted signals. The digital output from each ADCis passed to a corresponding one of the discrete Fourier transform (DFT)components 372A-B in the baseband portion 326 of the WiFi stage forconversion from the time to the frequency domain.

Receive processing in the baseband stage includes the following shal redand discrete components including: an equalizer 374 to mitigate channelimpairments which is coupled to the output of the DFTs 372A-B. Thereceived streams at the output of the equalizer are subject to demappingand deinterleaving in a corresponding number of thedemapper/deinterleavers 376A-B. Next the received stream(s) are decodedand descrambled in the decoder and descrambler component 378, followedby de-framing in the deframer 380. The received communication is thenpassed to the WMAC component 330 where it is decrypted with thedecryption circuit 334 and placed in the appropriate upstream hardwarequeue 332 for upload to the Internet 302.

The WAP also includes a network event circuit 304. The network eventcircuit couples to the aforesaid plurality of components which make upthe transmit and receive paths. The network event circuit includes: arule entry circuit 306, an event detection circuit 308, and a ruleinitiation circuit 310. The network event circuit couples tonon-volatile memory or storage 320.

The rule entry circuit 306 includes an administrative I/O circuit 306Afor presenting GUI 220 shown in FIG. 2C including icons corresponding toall associated and unassociated stations to the homeowner and a storageinterface circuit 306B for retrieving previously entered rules from thenetwork event rule table 322 in memory 320 for display to the user aswell as for storing newly adding or updated network event rules enteredby the user into the network event rule table 322.

The event detection circuit 308 shown in FIG. 3A and in detail in FIG.3B monitors each wireless station in range of the WAP for a transitionin communication status corresponding to a network event, and identifieseach wireless station and the network event it has triggered. The eventdetection circuit includes a WiFi stage interface 308A to the pluralityof components which make up the baseband 326 and AFE-FR stages 328, anassociation circuit, a sniffer circuit, an RSSI correlation circuit, anda beamforming direction circuit, all coupled to interface 308A as wellas to the transition detection circuit 308F. The association circuit308E couples via the WiFi stage interface to the WMAC circuit 330 toobtain information contained in its node table 339 as to each stationthat has probed the WAP whether or not associated with the WAP, as wellas stations that routinely probe and associate with the WAP, as well asthe capabilities and identity of each such station. The associationcircuit maintains a history of all such stations for presentment to theuser as either prospective devices to tag or target for network eventrules. The sniffer circuit 308D also couples via the WiFi stageinterface to the WMAC circuit 330 to obtain information contained it itsnode table 339 as to each station detected by the WAP during anyoff-channel scanning conducted by the WAP in the course of its normaloperation. Off channel scanning allows the WAP to evaluate unselectedcommunication channels as prospects if the current channel becomescongested. During the off channel scanning the WMAC circuit passes anyidentifying information on detected stations to the sniffer circuit.Stations may be detected either on the basis of their probing of the WAPduring the off-channel scan, or by deep packet inspection by the WMACcircuit of their transmissions during the off channel scan. The RSSIcorrelator circuit 308C couples via the WiFi stage interface to the WMACcircuit 330 and to the AGC 362 to determine the magnitude of the RSSI ofeach station whether or not associated with the WAP. The RSSI circuitmaintains a rolling history of each station's RSSI from the aggregate ofwhich it is able to determine the relative proximity of each station tothe WAP and inferentially to other stations in the home or business. TheBeamforming direction circuit 308B also couples via the WiFi stageinterface to the WMAC circuit 330 and to the spatial mapper 348 todetermine both sounding feedback matrices received from each station aswell as beamforming matrices 346 used to transmit communications to eachstation. The beamforming direction circuit processes these matrices todetermine at least the relative location of each station.

The transition detection circuit 308F couples to and receives input fromeach of the aforesaid circuits, i.e.: association circuit 308E, sniffingcircuit 308D, RSSI correlation circuit 308C, and beamforming directioncircuit 308B. The transition circuit monitors each over time anddetermines when an increase, decrease or change above a threshold amounthas occurred. These transitions correspond to network events. Thetransition detection circuit identifies for each transition thecorresponding station and network event and passes this information tothe rule initiation circuit and specifically the rule lookup circuit3108 thereof.

The rule initiation circuit 310 shown in FIG. 3A and in detail in FIG.3C determines whether the identified station and network eventcorresponds with one of the network event rules for the identifiedstation in the non-volatile memory, and in the event of a match,initiates the action prescribed for the corresponding targeted device.The rule initiation circuit includes a WiFi stage interface 310A to theplurality of components which make up the baseband 326 and AFE-FR stages328, a rule lookup circuit 3108, a condition test circuit 310C, astation identity circuit 310D, a station proximity and location circuit310E, a time of day and day of week circuit 310F, a target locatorcircuit 310G and an action initiation circuit 310H.

The rule lookup circuit 3108 receives input from the transitiondetection circuit 308F as to an identified station and correspondingnetwork event. The rule lookup circuit searches the network event ruletable 322 to determine whether there is a matching rule for which theidentified station is the tagged station.

The condition test circuit 310C receives input from the rule lookupcircuit as to any matching rule found in the network event rule table322. The condition test circuit determines whether there any conditionsassociated with the rule and if so interacts with the correspondingone(s) of the station identity, station proximity and location and timeof day and day of week circuit 310F to determine if the condition(s) aremet. The station identify circuit 310D receives input via WiFi stageinterface 310A and specifically the WMAC circuit 330 as to the numberand identity of associated stations. If the condition calls fordetermining whether someone is home alone, the station identify circuitmakes that determination based on the information obtained from the WMACcircuit. If the condition calls for determining whether the person athome alone is a family member the station identify circuit makes thatdetermination based on the information obtained from the WMAC circuit330 as well as from the tagged stations that the homeowner haspreviously identified as belonging to family members in the networkevent rule table. The proximity and location circuit 310G also receivesinput via the WiFi stage interface 310A from one or more of the WMACcircuit 330; the analog gain control (AGC) 362 and the spatial mapper348 as to either or both the proximity, relative or absolute location ofthe tagged station. Proximity may be determined relative to the WAP orrelative to one or more of the remaining stations in the home bymeasurements of the RSSI for each station obtained from the AGC 362.Location may be determined relative to the WAP or relative to one ormore of the remaining stations in the home by measurements of the RSSIfor each station obtained from the AGC 362 or more precisely from eitheror both the beamforming feedback matrices obtained from soundings of theassociated stations, or from beamsteering or beamforming matrices usedfor transmissions to those stations. If the condition calls fordetermining whether someone is at the front door as opposed to thegarage door, the proximity and location circuit makes that determinationbased on the information obtained from either or both the RSSI and thebeamforming matrices. The time of day and day of week circuit 310Fdetermines whether the current time of day or day of week matches theconditions in the network event rule.

The target locator circuit 310G receives input from the condition testcircuit 310C as to whether the condition(s) if any in the matchingnetwork event rule found by the rule lookup circuit 3108 are met. Ifthere are no conditions, or if there are conditions and they have allbeen met, then the target locator circuit determines how to communicatewith the station targeted by the rule, e.g. the URL, web address,station MAC, or phone number. In the case of a multiprotocol stationlike a mobile phone which has both 802.11 WiFi capability as well as3G/4G LTE capability the target locator determines how to communicatewith that tagged device. Next, the action initiation circuit 310Hinitiates the prescribed action on the targeted device. Where theprescribed action is a notification or alert the action initiationcircuit composes the notification or alert and sends it to the URL,address, or number identified by the target locator circuit. If theprescribed action calls for more complex activity, such as turning on aremotely controllable light switch or locking a remote controllable doorlock the action initiation circuit uses the appropriate API in itscommunications with the target device to initiate the required action.

In an embodiment of the invention the network event circuit is coupledto the remote computational device, e.g. remote server 212 provided bythe ISP or Telco. In another embodiment of the invention, the WAPoperates autonomously without connection to any network event “cloud”210.

In an embodiment of the invention the non-volatile memory accumulates atleast a portion of the historical records of each station's networkevents from the remote server 212 coupled to neighboring WAPs.

FIGS. 4A-C are hardware block diagrams of various devices configured toexecute network event rule execution in a WLAN in accordance with anembodiment of the current invention.

FIG. 4A shows a very large scale integrated circuit (VLSI) processor 400and non-volatile memory/storage element 320 configured to executenetwork event based security and home automation program code 324associated with the network event based security and home automationcircuit 304. The program code may be configured to run on a singledevice such as a WAP or station, or cooperatively on one or more hostdevices. The network event based security and home automation componentincludes modules or circuit or combinations of both which perform thecorresponding functions identified for the eponymous circuits shown anddiscussed above in connection with FIGS. 3A-C.

FIG. 4B shows the WAP 102 configured as a host device servicing a WLAN412 which includes one or more associated wireless stations (not shown).The WAP supports discrete communications with a station or concurrentmultiple user multiple-input multiple-output (MU-MIMO) communicationswith multiple stations. The WAP in this embodiment of the invention isidentified as a 2×2 WAP supporting as many as 2 discrete communicationstreams “a”, “b” over two antennas 359A-B. The WAP includes: theprocessor 400 and storage 320; the bus 318, a WLAN stage 414 including abase band stage 326, a radio frequency (RF) stage 328 and MIMO antennas359A-B. The WAP RF stage supports one or more IEEE 802.11 wireless localarea network (WLAN) protocols. The WAP also includes a modem 402 forcoupling via copper or fiber to an Internet Service Provider (ISP). Theprocessor in addition to supporting the IEEE 802.11 WAP functionalityalso executes the program code which provides part or all of the networkevent based security and home automation functionality as discussedabove.

In the baseband stage 326 transmitted communications for aclient/user/station are encoded and scrambled in encoder scramblermodule 342 and de-multiplexed into two streams in demultiplexer 420.Each stream “a”, “b” is subject to interleaving and constellationmapping in an associated interleaver mapper 344 and passed to thespatial mapper 348. The spatial mapper uses a beamsteering matrix 346determined from a prior isotropic sounding of the link with a station(not shown) to steer subsequent communications thereto. The beamsteeringmatrix specifies specific phase and amplitude adjustments for thecommunications on each antenna designed to steer the outgoingcommunications toward the recipient station. There is a discretebeamsteering matrix for each of the OFDM tones or sub-channels. Thecombined streams “ab” are injected into each of the OFDM tones orsub-channels 424A-B of the inverse discrete Fourier Transform (IDFT)modules 350A-B respectively. Each IDFT module is coupled via associatedupconversion circuitry in the RF stage 328 to an associated one of thepair of antenna 359A-B.

In the RF Stage 328 received communications “ab” on each of the twoantenna 359A-B from the user/station (not shown) are downconverted andsupplied as input to the baseband stage 326. In the baseband stage thereceived communications are then transformed from the time to thefrequency domain in the discrete Fourier Transform (DFT) modules 372A-Bfrom which they are output as discrete orthogonal frequency divisionmultiplexed (OFDM) tones/sub-carriers/sub-channels 416A-B. All receivedstreams are then subject to equalization in equalizer 374. Receivedsteams “ab” are subject to de-interleaving and constellation demappingin associated deinterleaver demapper modules 376, followed bymultiplexing in multiplexer 418. The received data “ab” is decoded anddescrambled in decoder descrambler 378.

FIG. 4C shows a Telco or ISP having a remote computational device, e.g.remote server 212 configured as a host device and coupled to theInternet 460. The remote server includes the processor 400 andnon-volatile storage 320; a bus 442, an input/output (I/O) module 444for interfacing with a user, a network module 446 for coupling to anetwork, a main memory 448 for storing and executing program code 324and data, a read only memory 450 for storing bootup program code. Theprocessor in addition to supporting the server functionality alsoexecutes the program code which may provide selected portions of thenetwork event based security and home automation functionality asdiscussed above. In an embodiment of the invention the WAP 102 relaysall network event based security and home automation to the remoteserver 212 which performs the rule entry, event detection and ruleinitiation functions for the WAP. In another embodiment of the inventionall network event based security and home automation functionalityresides on the WAP. In still another embodiment of the invention thenetwork event based security and home automation functions are performedcollaboratively by both the WAP and the remote server without departingfrom the scope of the claimed invention.

FIG. 5 is a process flow diagram of processes associated with networkevent based security and home automation in accordance with anembodiment of the current invention. Processes marked with a dashedborder may be executed on either a wireless access point (WAP), or on aremote computational device such as a remote “cloud” servercommunicatively coupled to one or more WAPs, or collaboratively on boththe WAP and the remote computational device, e.g. remote server, withoutdeparting from the scope of the Claimed invention.

In process 500 the entry of network event rules by the homeowner iseffected. Entry may be made on any mobile phone or computer via abrowser or administrative interface with the WAP or in an embodiment ofthe invention a remote server device, a.k.a. “Cloud” connected with theWAP. Each network event rule tags one or more stations to monitor for anetwork event and actions to execute on a targeted device if the taggedstation causes a network event. In process 502 each network event ruleis stored in a network event rule table on either the WAP or the remoteserver. Then in process 504 the WAP monitors the WLAN for activity ofall wireless stations both associated and unassociated. In an embodimentof the invention with a remote server the WAP may at this stage relaythe monitored results to the remote server for further processing. Inthe following process 506 any transitions in a stations communicationstatus corresponding to a network event are detected. Such transitionsinclude change in association status, and change above a threshold levelin any one or all of: RSSI, Proximity, or location. Next, in decisionprocess 508 a determination is made as to whether a network event hasbeen detected. If a network event has been detected then control passesto process 510 in which the station corresponding with the network eventis identified. Control is then passed to process 512 in which a lookupof the network event rule table is conducted to determine if there is amatching rule for the identified station and network event.

In decision process 514 a determination is made as to whether there is amatching rule in which the tagged station matches the identified stationand network event in process 512. If there is not a matching rule thenin process 516 the identified station is added to the monitored stationlist, if it is not already on that list, and control is returned to themonitoring process 506. Alternately, if there is a matching rule thencontrol passes to process 520. In process 520 a determination is made asto whether there are any conditions associated with the network event.If not then control passes directly to decision process 534. If thereare conditions then control passes to decision process 522. In decisionprocess 522 a determination is made as t the condition type and controlis then passed to the corresponding one of processes 524, 526, 528 forthe condition determination, e.g. satisfaction or failure. In process524 the number and identity of all stations in range of the WAP isdetermined and tested against the network event rule's condition, e.g.is the tagged station: home alone, or home with adult, or unidentifiedstation in home with no family member present, etc. Control is thenpassed to decision process 530. In process 526 the location and orproximity of all stations in range of the WAP is determined and testedagainst the network event rule's condition, e.g. is the tagged stationat the front door, or at the garage door, or inside the home, etc.Control is then passed to decision process 530. In process 528 the timeof day, or day of week, or interval of time in the dwelling isdetermined and tested against the network event rule's condition, e.g.is the tagged station in range of the WAP after midnight, or on aweekend, etc. Control is then passed to decision process 530. Indecision process 530 a determination is made as to whether there are anyadditional conditions that have not been tested and if there are controlreturns to process 522. Once all conditions have been tested, i.e. thereare no remaining untested conditions, then decision process 530 passescontrol to decision process 532 in which a determination is made as towhether all conditions have been met. If they have not then controlreturns to the monitoring process 504. If alternately, all conditionshave been met, then control passes to decision process 534.

In decision process 534 a determination is made as to the action typespecified in the network event rule. If the action type is anotification or alert then control is passed to process 538 for thecomposition and sending of the alert or notification to the targeteddevice. If the action type is an actuation, e.g. of a light, camera, orlock, then control is passed to process 536 for the initiation of theactuation of the light, camera or lock for example. Then in decisionprocess 540 a determination is made as to whether all actions prescribedin the rule have been initiated. If all actions have been initiated,i.e. if there are no remaining actions to initiate, then control returnsto process 504. Alternately, if all actions have not been initiated,i.e. if there are remaining actions to initiate, then control returns toprocess 534.

Examples

This home automation and security solution enables the owner of anAP/Wi-Fi network to: a) track known users who join the network; b) tracknon-malicious unauthorized requests (automatic, e.g. probe requests,small number of association requests); c) detect and track maliciousattacks e.g. multiple trials with probe requests with matching SSID butfailed 4 way handshake, large number of failed connection requestswithin a short period of time, WPS/WEP flaws, de-authentication packetsfrom outside the network, failed MAC filter, etc.; d) triggering othersecurity measures when unauthorized/new device is in vicinity, e.g. turnon front lights, position security camera etc.; e) tracking a losttagged device in a Telco network; f) tracking child monitors attached toinfants/babies/kids while they are with babysitters etc. while you areaway; g) controlling resources, e.g. air circulation, temperature,light, by monitoring active known/unknown devices in an area forenterprise applications or home automation. Authorized devices canmonitor home networks remotely through connected cloud services.

In an embodiment of the invention actions are triggered automatically onthe basis of OSI layer 2 events (e.g. probe requests, connectionattempts etc.). The events start a list-update and algorithm-run whichupdate a list locally or remotely and trigger an event, e.g. notify anauthorized user or switch off access to a part of the network. The APmaintains an internal list, locally or saved remotely on the cloud,containing identifying properties like MAC address, RSN, capabilities,etc. along with a timestamp and its network status for all devices thattrigger any network event, e.g. send probe request, join network etc.The network status has a one to one correspondence to a respectivenetwork event. Some examples of network status are: probe requestreception, successful association, associated but authenticationfailure, association rejected, active device, inactive device, taggeddevice etc. The AP can run two events: a list-update where it updatesthe maintained list and an algorithm-run where it runs a set ofpredefined algorithms which can trigger local events, e.g. switch onlights or remote events, e.g. notify an authorized device, etc. Thelist-update and algorithm-run events are triggered on each of the abovenetwork events for any station interacting with the AP. Note that forprobe request events, the device doesn't even need to make a connectionattempt or have the AP's SSID in the probe request list. The STA justneeds to send a probe request as a broadcast frame.

The following user defined actions can be taken by authorized users. Theuser, e.g. the owner of the AP/network, can tag devices in the list. Thetagging can be pre-empting (e.g. tagging family members, friends etc.)or once another event has happened (e.g. when a phone gets stolen, itcan be tagged so that if it shows up in or near any of the WLANs managedby a Telco “cloud” service the Telco's cloud service network can notifythe tagged stolen device to its owner. Authorized devices, enabled bythe user, can access this list remotely. User can setup predefinedrules/actions to be executed when a certain condition is met e.g. for acertain tagged device or a network event.

Normally, the AP is in the idle state. When a broadcast frame is noticedon the air, the AP checks the parameters on frame and depending on thesettings, e.g. if it matches the conditions for an event, e.g. tagged ornew device, it goes into the event detection state. If the AP receives alink setup request, e.g. an association or authentication request, itgoes into the link setup state. In either of these states furthertriggers can be detected depending on the settings, e.g. a tagged devicejoined the network, or a detected new device is tagged as stolen on theTelco's “cloud” server. When an event is detected, the local/remote listis updated with the observed device details and the event action, e.g.local or remote, is automatically started. If notifications are setup,they are sent to the authorized user notifying of the event.

Triggers (Network Events): In the case of a household, users can tagfamily members and household devices. In the case of a businesses, thecompany/owner can tag the employees or equipment. In the case of astore, the manager/owner can tag repeat/regular customers.

Tags: When a tagged user's wireless device, e.g. a family member'sdevice, joins the network after a period of idle time an action may betriggered. When a tagged user, e.g. a friend, comes close to your homeat night an action may be triggered. When an unknown device has multiplefailed connection attempts an action may be triggered. When frequentdenials happen from the same unknown device, the cloud can triggerstronger security measures (MAC address filtering) or blacklist thedevice, in addition to notifying the owner of the network an action maybe triggered. If the AP detects a known attack on WEP/VVPS/out ofnetwork de-auth, it will immediately disable the feature and notify theowner of the network.

Actions:

Actions taken in response to network events include: a) notifyingauthorized user(s) that the babysitter brought back kids from home; b)lowering the temperature when no users are at home for more than 30 min;c) switching on the porch light when a tagged user is close by at night;d) notifying authorized user(s) when a stolen phone shows up in a Telconetwork with exact coordinates etc; e) notifying authorized user(s) whenan unknown device tries and fails to connect to the network multipletimes; f) starting video recording in front of the garage when anunknown device shown up in the AP in the garage.

In an embodiment of the invention a cloud framework exists which the APcan access to store and query data. A user is able to tag known devices.Frequently, users are unaware of the details are shared automaticallyduring network joining and hence many people could share informationthat they don't want to. For example an AP could receive probe requestsof the neighbors and in the process save the list of other BSSIDscontained in the probe request, which may disclose the locations theyhave been to in the past. Special care should be taken to preventsnooping into sensitive data, e.g. tracking someone intentionallywithout their knowledge.

In another embodiment of the invention, all the data is kept in the APlocally. The trigger conditions prompt the user when the user connectsto the appropriate app/web UI of the AP. Alternatively, the data cantrigger a notification to the authorized users even when they are notconnected to the local network through a cloud service. The cloudservice is used only to route notifications and the data is alwaysstored locally. All the data is sent to a cloud server where the userhas registered and the log and triggers are managed remotely. All thedata and decisions are done in the cloud, so the authorized user doesn'tneed to be connected to the local network to manage it or receivenotifications.

In various embodiments of the invention user can setup network eventrules which: a) tag and log known and unknown devices based on theirlayer 2 protocol frames over the air, even without any connectionattempt to join the local network; b) track and log unknown devices nearour network; c) triggers can work for devices which don't even try toconnect to the network; d) ability to define custom triggers and actionsbased on network presence or access attempts; e) additionally thetriggers and actions don't need to be local; f) trigger remotenotifications and remote actions, using a cloud service, to anauthorized user based on OSI layer 2 events, default or user defined. g)trigger events based on a shared tagged list of known/unknown devicesthat authorized users can download locally or remotely; h) triggerevents based on a cloud connected network detecting a tagged deviceoutside the local network.

The components and processes disclosed herein may be implemented in acombination of software, circuits, hardware, and firmware, coupled tothe WAP's existing transmit and receive path components, and withoutdeparting from the scope of the Claimed Invention.

The foregoing description of a preferred embodiment of the invention hasbeen presented for purposes of illustration and description. It is notintended to be exhaustive or to limit the invention to the precise formsdisclosed. Obviously, many modifications and variations will be apparentto practitioners skilled in this art. It is intended that the scope ofthe invention be defined by the following claims and their equivalents.

What is claimed is:
 1. A method comprising: gathering wirelesscommunications activity at a location of a wireless access point (WAP)of one or more wireless stations in proximity to the WAP; analyzing thegathered wireless communications activity to tag and track behavior ofthe one or more wireless stations in proximity to the WAP; determiningwhether the gathered wireless communications activity correspond toconditional parameters for a network event rule, wherein each networkevent rule indicate at least a triggering device tag, conditionalparameters, and an action for a target device operatively coupled to awireless local area network (WLAN) of the WAP; and in response tonetwork event rule conditional parameters being satisfied, initiatingthe action for the target device indicated by the network event rule,wherein the conditional parameters are satisfied at least in part by thegathered wireless communications activity from the one or more wirelessstations matching a tag of the network event rule.
 2. The method ofclaim 1, wherein the conditional parameters for a security network eventrule are satisfied at least in part by the gathered wirelesscommunications activity including intercepting probe requeststransmitted from an unknown wireless station, and the security networkevent rule initiates a security action for a security target device. 3.The method of claim 2, wherein the conditional parameters for thesecurity network event rule are further satisfied at least in part bydetermining an administrator tagged wireless station is not in proximityto the WAP, and the security action for the security target deviceincludes at least one of turning on a light, recording with a securitycamera, and notifying a remote security service.
 4. The method of claim1, wherein analyzing the gathered wireless communications comprisesmaintaining a table of tags to identify wireless stations and track thebehavior of each of the wireless stations.
 5. The method of claim 4,wherein a tag of a previously identified wireless station is used eachtime wireless communications activity of that identified wirelessstation is gathered in proximity to the WAP.
 6. The method of claim 4,further comprising assigning a new tag in the table of tags for wirelesscommunications activity gathered from an unidentified wireless station.7. The method of claim 4, further comprising assigning a wildcard tagfor wireless communications activity intercepted from an unidentifiedwireless station that is not authenticated by the WAP.
 8. The method ofclaim 1, wherein analyzing the gathered wireless communicationscomprises determining usage patterns by tracking a specified wirelessstation in proximity to the WAP, and detecting one or more reactions ofa specified target device that correspond to specified wireless station;and determining a new network event rule for the specified wirelessstation with conditional parameters from the usage patterns toautomatically initiate the reaction for the specified the target devicebased on future gathered wireless communications activity from thespecified target device.
 9. The method of claim 1, wherein the wirelesscommunications include activity independent of the one or more wirelessstations authenticated with the WAP.
 10. The method of claim 1, whereingathering the wireless communication activity comprises interceptingwireless communication activity of a wireless station that isunassociated with the WAP.
 11. The method of claim 1, wherein gatheringthe wireless communication activity is via at least one of channelscanning, deep packet inspection, and probe requests.
 12. The method ofclaim 1, wherein the conditional parameters for a network event ruleinclude a change in proximity of the one or more wireless stationsrelative to the WAP based on the gathered wireless communicationsactivity.
 13. The method of claim 12, wherein the change in proximityindicates whether the one or more wireless stations is moving towards oraway from the WAP based on the gathered wireless communicationsactivity.
 14. The method of claim 1, wherein the conditional parametersfor a network event rule include a transition in communication status ofthe one or more wireless stations relative to the WAP based on gatheredwireless communications activity.
 15. A method comprising initiating anaction of a targeted device based on wireless communications activitygathered at a location of a wireless access point (WAP), wherein thegathered wireless communications activity is of one or more wirelessstations in proximity to the WAP, wherein the wireless communicationsincludes activity independent of the one or more wireless stationsrelationship with the WAP; wherein a network event rule indicates atleast a specified wireless station and the action of the targeteddevice, wherein the network event rule is triggered by conditionalparameters being satisfied based on gathered wireless communicationsactivity for the specified wireless station.
 16. The method of claim 15,wherein gathering the wireless communication activity is via at leastone of channel scanning and deep packet inspection.
 17. The method ofclaim 15, further comprising determining a new network event rule forthe specified wireless station to automatically initiate an observedaction for a corresponding target device with conditional parametersbased on usage patterns from gathered wireless communications activityfrom the specified wireless station.
 18. A wireless access point (WAP)configured to support wireless communications on a wireless local areanetwork (WLAN), and the WAP comprising: a plurality of componentscoupled to one another to form transmit and receive paths for processingwireless communications; a non-volatile memory storing network eventrules wherein one or more network event rules indicate at leastconditional parameters to initiate an action for a targeted device; anevent detection circuit to gather wireless communications activity at alocation of a wireless access point (WAP) of one or more wirelessstations in proximity to the WAP, and analyze the gathered wirelesscommunications activity to tag and track behavior of the one or morewireless stations in proximity to the WAP; and a rule initiation circuitto initiate an action for a target device indicated by a network eventrule, wherein the conditional parameters are satisfied at least in partby the gathered wireless communications activity from the one or morewireless stations matching a tag of the network event rule.
 19. The WAPof claim 18, wherein the conditional parameters for a network event ruleinclude a change in proximity of the one or more wireless stationsrelative to the WAP based on the gathered wireless communicationsactivity.
 20. The WAP of claim 18, wherein to gather the wirelesscommunication activity, the event detection circuit is to interceptwireless communication activity of a wireless station that isunassociated with the WAP.